﻿using System;
using System.Text;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Collections.Generic;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using LanceZhang.Research.BLL;
using LanceZhang.Research.Model;
using System.Security;
using System.Security.Cryptography;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    /// <summary>
    /// 验证用户登陆
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void btnOK_Click(object sender, EventArgs e)
    {
        string strStaffAcount = this.txtUserName.Text;
        string strPassword = this.txtPassWord.Text;
        bool result;

        //将当前取得的密码值转化为对应的hash值
        byte[] EncodePwd = new byte[20];
        EncodePwd = Encoding(strPassword);

        TBL_User user=new TBL_User();
        TBL_UserModel usermodel = new TBL_UserModel();
        try
        {
            usermodel = user.GetModel(strStaffAcount);
        }
        catch (Exception ex)
        {
            lblMessage.Text = "数据库未启动！";
            return;
        }


        if (usermodel == null)
        {
            lblMessage.Text = "用户不存在！";
            return;
        }

        if (Compare(EncodePwd,usermodel.Password))
        {
            result = true;
        }
        else
        {
            result = false;
        }

        //如果登录成功
        if (result == true)
        {
            //同时获取该用户的其他信息
            Session["UM"] = usermodel;
            TBL_UserRole urc = new TBL_UserRole();
            DataSet ur = urc.GetList(" UserID='"+usermodel.UserID+"'");
            List<string> roles=new List<string>();
            foreach (DataRow dr in ur.Tables[0].Rows)
            {
                roles.Add(dr[1].ToString());
            }

            Session["UR"] = roles;

            if (usermodel.Status == true)
            {
                if (FormsAuthentication.GetRedirectUrl(usermodel.UserID, false).IndexOf("default.aspx") == -1)
                {
                    //如果用户试图访问其他网页，则跳转到该网页。
                    FormsAuthentication.RedirectFromLoginPage(usermodel.UserID, false);
                }
                else
                {
                    //如果用户访问的是登录网页，则跳转到“显示员工信息”网页。
                    FormsAuthentication.SetAuthCookie(usermodel.UserID, false);
                    Response.Redirect("Default.aspx");
                }
            }
            else
            {
                this.lblMessage.Text = " 该账户被停用!";
            }
        }//if
        else
        {
            //否则跳转到登录页面
            this.lblMessage.Text = " 用户名或密码不正确!";
        }
    }

    /// <summary>
    /// 计算输入密码的hash值
    /// </summary>
    /// <param name="chars">EncodePwd</param>
    /// <returns></returns>
    private byte[] Encoding(string chars)
    {
        //采用了SHAI算法计算输入密码的hash值
        SHA1Managed mydata = new SHA1Managed();
        byte[] bites = new byte[20];
        ASCIIEncoding pw = new ASCIIEncoding();
        bites = pw.GetBytes(chars);
        bites = mydata.ComputeHash(bites);
        return bites;
    }

    /// <summary>
    /// 匹配密码
    /// </summary>
    /// <param name="b1"></param>
    /// <param name="b2"></param>
    /// <returns>是否正确</returns>
    private bool Compare(byte[] b1, byte[] b2)
    {
        for (int i = 0; i < 19; i++)
        {
            if (b1[i] != b2[i])
                return false;
        }
        return true;
    }
}
